<?php
	/* ***************************************************** */
	/* Arcans Team (2010), website                           */
	/* Site under GNU GPL v3 Licence                         */
	/* (see NOTICE and COPYING in the of the site file tree) */
	/* ***************************************************** */

	/* ***************************************************** */
	/* Fonction de test de connexion                         */
	/* ***************************************************** */
	function connexFun ($document,$conf) {
		$pass_hash = filter_input(INPUT_POST,"info0",FILTER_VALIDATE_REGEXP,array("options"=>array("regexp"=>"/[a-z0-9]/")));
		if ($pass_hash === FALSE) $pass_hash = "aaa";
		$bdd = bdd_connect("mysql",$conf);
		$result = $bdd->query("SELECT COUNT(*) user_con FROM at_users WHERE pass_hash='".$pass_hash."';");
		$result = $result->fetch();
		if ($result[0] == 1) {
			$result = $bdd->query("SELECT id,nom,niveau FROM at_users WHERE pass_hash='".$pass_hash."';");
			$result = $result->fetch();
			if ($result["niveau"] == -10) $document->documentElement->setAttribute("valid","arch");
			else {
				$document->documentElement->setAttribute("valid",1);
				$_SESSION["pseudo"] = $result["nom"]; $_SESSION["id"] = $result["id"]; $_SESSION["level"] = $result["niveau"];
				$document->documentElement->setAttribute("user",$result["nom"]);
			}
		}
		else $document->documentElement->setAttribute("valid","no");
	}
	/* ***************************************************** */
	/* Fonction d'envoi du mail suite à l'action "contact"   */
	/* ***************************************************** */
	function contactFun ($document,$conf) {
		$header = 'From:contact@arcans-team.toile-libre.org'."\n";
		$header = $header.'Content-Type:text/html;charset="utf-8"'."\n".'Content-Transfer-Encoding: 8bit';
		$message = DOMImplementation::createDocument("http://www.w3.org/1999/xhtml","html");
		$message->encoding = 'utf-8'; $html = $message->documentElement;
		$head = addNode($message,"head",$html,array());
		addNode($message,"title",$head,array("texte"=>"[AT]Message de contact."));
		$body = addNode($message,"body",$html,array());
		addNode($message,"p",$body,array("texte"=>"Nouveau message de contact, reçu le ".date("d/m/y à H:i")."."));
		addNode($message,"p",$body,array("texte"=>"Titre du message : ".$_POST["info0"]));
		addNode($message,"p",$body,array("texte"=>"Adresse email donnée : ".$_POST["info1"]));
		addNode($message,"p",$body,array("texte"=>"Message :"));
		addNode($message,"p",$body,array("texte"=>$_POST["info2"]));
		mail("arcans.team@gmail.com","[AT] Message de contact",$message->saveXML(),$header);
	}
	/* ***************************************************** */
	/* Fonction de réponse au demande sur les projets        */
	/* ***************************************************** */
	function projetFun ($document,$conf) {
		//
		//TODO
		//
		/*$pjt_id = filter_input(INPUT_POST,"info0",FILTER_VALIDATE_INT);
		if ($pjt_id === FALSE) $pjt_id = 0;
		$xml_bdd = new DomDocument(); $xml_bdd->load($conf[5]);
		$bdd = $xml_bdd->getElementsByTagName("bdd");
		foreach ($bdd as $elt) { if ($elt->getAttribute("name")=="pgsql") { $bdd = $elt; break; } }
		$bdd = new PDO ($bdd->getAttribute("value0"),$bdd->getAttribute("value1"),$bdd->getattribute("value2"));
		$bdd->query("SET SCHEMA 'arcans_team';");
		$ajax = $document->documentElement; $user_id = 0;
		if (isset($_SESSION["id"])) $user_id = $_SESSION["id"];
		$ajax->setAttribute("user_id",$user_id);
		if ($user_id != 0) {
			if ($_SESSION["level"] == 100) $ajax->setAttribute("level",10);
			elseif ($_SESSION["level"] >= 10) {
				$query = "SELECT statut FROM at_pjt_user WHERE id_pjt=".$pjt_id." AND id_user=".$user_id;
				$result = $bdd->query($query." ORDER BY date_start DESC LIMIT 1;");
				if ($result->rowCount() == 1) {
					$result = $result->fetch(); $level = 0;
					if ($result["statut"] == 1) $level = 3;
					elseif ($result["statut"] == 2) $level = 2;
					elseif ($result["statut"] == 3) $level = 0;
					$ajax->setAttribute("level",$level);
				}
				else $ajax->setAttribute("level",1);
			}
			else $ajax->setAttribute("level",0);
		}
		else $ajax->setAttribute("level",0);
		$ajax->setAttribute("idp",$pjt_id);
		switch ($_POST["info1"]) {
			case "show_objs" :
				$ajax->setAttribute("type","objs");
				$result = $bdd->query("SELECT * FROM at_objectifs WHERE id_projet=".$pjt_id." ORDER BY date_maj DESC, date_post DESC;");
				$ajax->setAttribute("nb_objs",$result->rowCount());
				if ($result->rowCount() > 0) {
					while ($eng = $result->fetch()) {
						$obj = addNode($document,"obj",$ajax,array("id"=>$eng[0],"nom"=>$eng[2],"prt"=>$eng[4],"niv"=>$eng[5]));
						$obj->setAttribute("rendu",$eng[6]); $obj->setAttribute("date_post",date("d/m/y H:i",strtotime($eng[7])));
						if ($eng[8] != NULL) $obj->setAttribute("date_maj",date("d/m/y H:i",strtotime($eng[8])));
						else $obj->setAttribute("date_maj","nodate");
						$desc_xml = new DomDocument(); $desc_xml->loadXML($eng[3]); $desc = $desc_xml->documentElement;
						if ($desc->hasChildNodes()) $obj->appendChild($document->importNode($desc,true));
					}
				} break;
			case "show_mess" :
				$ajax->setAttribute("type","mess");
				$query = "SELECT at_messages.id,at_messages.message,at_messages.date_post,at_users.nom FROM at_messages,at_users ";
				$query .= "WHERE at_messages.type_obt=0 AND at_messages.id_obt=".$pjt_id." AND ";
				$result = $bdd->query($query." at_messages.id_user=at_users.id ORDER BY at_messages.date_post;");
				$ajax->setAttribute("nb_mess",$result->rowCount());
				if ($result->rowCount() > 0) {
					while ($eng = $result->fetch()) {
						$mess = addNode($document,"mess",$ajax,array("id"=>$eng[0],"nom"=>$eng[3]));
						$mess->setAttribute("date_post",date("d/m/y H:i",strtotime($eng[2])));
						$mess_xml = new DomDocument(); $mess_xml->loadXML($eng[1]); $eng[1] = $mess_xml->documentElement;
						if ($eng[1]->hasChildNodes()) $mess->appendChild($document->importNode($eng[1],true));
					}
				} break;
			case "supp_mess" :
				//
				$ajax->setAttribute("mess_id",$_POST["info2"]);
				//
				$ajax->setAttribute("valid",1);
				//
				//TODO
				//
				break;
			case "add_mess" :
				//
				//TODO
				//
				break;
			case "show_parts" :
				$ajax->setAttribute("type","part");
				$query = "SELECT at_users.id, at_pjt_user.statut, at_pjt_user.date_start, at_pjt_user.date_end, at_users.nom ";
				$query .= "FROM at_pjt_user, at_users WHERE at_pjt_user.id_pjt=".$pjt_id." AND at_pjt_user.id_user=at_users.id ";
				$result = $bdd->query($query."ORDER BY at_pjt_user.statut, at_pjt_user.date_start;");
				$ajax->setAttribute("nb_part",$result->rowCount()); $nbp_spec = array(0,0,0,0,0);
				if ($result->rowCount() > 0) {
					while ($eng = $result->fetch()) {
						$values = array("id"=>$eng[0],"statut"=>$eng[1],"nom"=>$eng[4]);
						$nbp_spec[$eng[1]-1]++; $user = addNode($document,"user",$ajax,$values);
						$user->setAttribute("date_start",date("d/m/y H:i",strtotime($eng[2])));
						if ($eng[3] != NULL) $user->setAttribute("date_end",date("d/m/y H:i",strtotime($eng[3])));
						else $user->setAttribute("date_end","nodate");
					}
					$ajax->setAttribute("nbp_s1",$nbp_spec[0]);
					$ajax->setAttribute("nbp_s2",$nbp_spec[1]);
					$ajax->setAttribute("nbp_s3",$nbp_spec[2]);
					$ajax->setAttribute("nbp_s4-5",$nbp_spec[3]+$nbp_spec[4]);
				} break;
			case "obj_desc" :
				$obj_id = filter_input(INPUT_POST,"info2",FILTER_VALIDATE_INT);
				if ($obj_id === FALSE) $obj_id = 0;
				$ajax->setAttribute("obj_id",$obj_id);
				if ($obj_id != 0) {
					$query = "SELECT at_users.nom,at_messages.id,at_messages.message,at_messages.date_post FROM at_users,at_messages ";
					$query .= "WHERE at_messages.type_obt=1 AND at_messages.id_obt=".$obj_id." AND at_users.id=at_messages.id_user";
					$result = $bdd->query($query." ORDER BY at_messages.date_post;");
					$ajax->setAttribute("nb_mess",$result->rowCount());
					if ($result->rowCount() > 0) {
						while ($eng = $result->fetch()) {
							$eng["date_post"] = date("d/m/y H:i",strtotime($eng["date_post"]));
							$message = addNode($document,"message",$ajax,array("user"=>$eng["nom"],"date"=>$eng["date_post"],"id"=>$eng["id"]));
							$eng_xml = new DomDocument(); $eng_xml->loadXML($eng["message"]); $eng = $eng_xml->documentElement;
							$message->appendChild($document->importNode($eng,true));
						}
					}
				} break;
			case "add_com" :
				$obj_id = filter_input(INPUT_POST,"info2",FILTER_VALIDATE_INT);
				if ($obj_id == FALSE) $obj_id = 0;
				$ajax->setAttribute("obj_id",$obj_id);
				if (isset($_SESSION["level"]) && $_SESSION["level"] >= 10) {
					$niveau = 0;
					if ($_SESSION["level"] == 100) $niveau = 1;
					else {
						$query = "SELECT COUNT(*) niveau FROM at_pjt_user WHERE id_user=".$_SESSION["id"]." AND id_pjt=";
						$result = $bdd->query($query.$pjt_id." AND (statut=1 OR statut=2);");
						$result = $result->fetch(); $niveau = $result["niveau"];
					}
					if (!$niveau) $ajax->setAttribute("valid",0);
					elseif ($niveau == 1) {
						$ajax->setAttribute("valid",1); $text = "<data>".pg_escape_string($_POST["info3"])."</data>";
						$bdd->query("INSERT INTO at_messages VALUES(DEFAULT,".$_SESSION["id"].",".$obj_id.",1,'".$text."',DEFAULT,NULL);");
						$query = "SELECT id,message,date_post FROM at_messages WHERE id_user=".$_SESSION["id"]." AND id_obt=".$obj_id;
						$result = $bdd->query($query." AND type_obt=1 ORDER BY date_post DESC LIMIT 1;");
						if ($result->rowCount() == 0 || $result->rowCount() > 1) $ajax->setAttribute("valid",2);
						else {
							$result = $result->fetch();
							$message = addNode($document,"message",$ajax,array("user"=>$_SESSION["pseudo"],"id"=>$result["id"]));
							$message->setAttribute("date",date("d/m/y H:i",strtotime($result["date_post"])));
							$text_xml = new DomDocument(); $text_xml->loadXML($result["message"]); $text = $text_xml->documentElement;
							$message->appendChild($document->importNode($text,true));
						}
					}
					else $ajax->setAttribute("valid",2);
				}
				else $ajax->setAttribute("valid",0); break;
			case "moder_obj" :
				$obj_id = filter_input(INPUT_POST,"info2",FILTER_VALIDATE_INT);
				if ($obj_id === FALSE) $ajax->setAttribute("valid",2);
				else {
					if (isset($_SESSION["level"]) && $_SESSION["level"] >= 10) {
						$niveau = 0;
						if($_SESSION["level"] == 100) $niveau = 1;
						else {
							$query = "SELECT COUNT(*) niveau FROM at_pjt_user WHERE id_user=".$_SESSION["id"]." AND id_pjt=";
							$result = $bdd->query($query.$pjt_id." AND (statut=1 OR statut=2);");
							$result = $result->fetch(); $niveau = $result["niveau"];
						}
						if (!$niveau) $ajax->setAttribute("valid",0);
						elseif ($niveau == 1) {
							$com_id = filter_input(INPUT_POST,"info3",FILTER_VALIDATE_INT);
							if ($com_id === FALSE) $ajax->setAttribute("valid",2);
							else {
								$result = $bdd->query("DELETE FROM at_messages WHERE id=".$com_id." AND id_obt=".$obj_id." AND type_obt=1;");
								$result = $result->fetch(); $ajax->setAttribute("idc",$com_id);
								$ajax->setAttribute("valid",1);
								$ajax->setAttribute("com_id",$com_id);
							}
						}
						else $ajax->setAttribute("valid",2);
					}
					else $ajax->setAttribute("valid",0);
				} break;
			case "supp_obj" :
				$obj_id = filter_input(INPUT_POST,"info2",FILTER_VALIDATE_INT);
				if ($obj_id === FALSE) $ajax->setAttribute("valid",2);
				else {
					if (isset($_SESSION["level"]) && $_SESSION["level"] >= 10) {
						$niveau = 0;
						if($_SESSION["level"] == 100) $niveau = 1;
						else {
							$query = "SELECT COUNT(*) niveau FROM at_pjt_user WHERE id_user=".$_SESSION["id"]." AND id_pjt=";
							$result = $bdd->query($query.$pjt_id." AND (statut=1 OR statut=2);");
							$result = $result->fetch(); $niveau = $result["niveau"];
						}
						if (!$niveau) $ajax->setAttribute("valid",0);
						elseif ($niveau == 1) {
							$bdd->query("DELETE FROM at_messages WHERE type_obt=1 AND id_obt=".$obj_id.";");
							$bdd->query("DELETE FROM at_objectifs WHERE id=".$obj_id.";");
							$ajax->setAttribute("obj_id",$obj_id);
							$ajax->setAttribute("valid",1);
						}
						else $ajax->setAttribute("valid",2);
					}
					else $ajax->setAttribute("valid",0);
				} break;
			case "mod_obj" :
				//
				//TODO
				//
				break;
			//
		}*/
		//
	}
?>